Index: lams_tool_preview/src/java/org/lamsfoundation/lams/tool/peerreview/service/PeerreviewServiceImpl.java
===================================================================
diff -u -r0a6765ac7eb73c6b99c343a021877c48236241b8 -r2cad2462df185fce685da61762fb06d98ebee415
--- lams_tool_preview/src/java/org/lamsfoundation/lams/tool/peerreview/service/PeerreviewServiceImpl.java (.../PeerreviewServiceImpl.java) (revision 0a6765ac7eb73c6b99c343a021877c48236241b8)
+++ lams_tool_preview/src/java/org/lamsfoundation/lams/tool/peerreview/service/PeerreviewServiceImpl.java (.../PeerreviewServiceImpl.java) (revision 2cad2462df185fce685da61762fb06d98ebee415)
@@ -496,15 +496,18 @@
 private void generateRatingEntryForEmail(StringBuilder notificationMessage, RatingCriteria criteria, StyledCriteriaRatingDTO dto) {
+ String escapedTitle = StringEscapeUtils.escapeHtml(dto.getRatingCriteria().getTitle());
 if (dto.getRatingDtos().size() >= 1) {
 if (criteria.isCommentRating()) {
 StringBuilder comments = new StringBuilder();
 for (StyledRatingDTO ratingDto : dto.getRatingDtos()) {
- if (ratingDto.getComment() != null)
- comments.append("
  • ").append(ratingDto.getComment()).append("
  • ");
+ if (ratingDto.getComment() != null) {
+ String escaped = StringEscapeUtils.escapeHtml(ratingDto.getComment());
+ comments.append("
  • ").append(escaped).append("
  • ");
+ }
 }
 notificationMessage.append(getLocalisedMessage("event.sent.results.criteria.comment", new Object[] {
- dto.getRatingCriteria().getTitle(), comments.toString() }));
+ escapedTitle, comments.toString() }));
 } else {
 String avgRating = dto.getRatingDtos().get(0).getAverageRating().length() > 0 ? dto.getRatingDtos() .get(0).getAverageRating() : "0";
@@ -513,30 +516,32 @@
 if (criteria.isCommentsEnabled()) {
 comments = new StringBuilder();
 for (StyledRatingDTO ratingDto : dto.getRatingDtos()) {
- if (ratingDto.getComment() != null)
- comments.append("
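Review bot: The four added lines that null-check, HTML-escape and append each comment are repeated verbatim in the second hunk (the `isCommentsEnabled()` branch), so the two copies can drift apart the next time the escaping or the separator changes; a private helper taking the target `StringBuilder` and the DTO, called as `appendEscapedComments(comments, dto);` at both sites, would keep the escaping in one place. The change also fixes the sink to HTML without saying so: `escapedTitle` and `escaped` are only correct if the localised templates and the mail sender treat this buffer as HTML and do not escape it again, so a comment on the `escapedTitle` line such as `// escaped once here: the message templates are HTML and the sender must not escape again` would record that contract. generateRatingEntryForEmail continues past the end of this hunk into the next one.
```java
/** Appends each non-null comment of dto, HTML-escaped and wrapped in the separator the current loops use. */
private static void appendEscapedComments(StringBuilder comments, StyledCriteriaRatingDTO dto) {
    for (StyledRatingDTO ratingDto : dto.getRatingDtos()) {
        if (ratingDto.getComment() != null) {
            String escaped = StringEscapeUtils.escapeHtml(ratingDto.getComment());
            // SEPARATOR is a placeholder for the line-break/bullet literal the existing loops pass to append()
            comments.append(SEPARATOR).append(escaped).append(SEPARATOR);
        }
    }
}
```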
  • ").append(ratingDto.getComment()).append("
  • ");
+ if (ratingDto.getComment() != null) {
+ String escaped = StringEscapeUtils.escapeHtml(ratingDto.getComment());
+ comments.append("
  • ").append(escaped).append("
  • ");
+ }
 }
 }
 notificationMessage.append(getLocalisedMessage( "event.sent.results.criteria.star",
- new Object[] { dto.getRatingCriteria().getTitle(), avgRating,
+ new Object[] { escapedTitle, avgRating,
 comments != null ? comments.toString() : "" }));
 } else if (criteria.isRankingStyleRating()) {
 if (criteria.getMaxRating() > 0) {
 notificationMessage .append(getLocalisedMessage("event.sent.results.criteria.rank", new Object[] {
- dto.getRatingCriteria().getTitle(), avgRating, criteria.getMaxRating() }));
+ escapedTitle, avgRating, criteria.getMaxRating() }));
 } else {
 notificationMessage.append(getLocalisedMessage("event.sent.results.criteria.rankAll",
- new Object[] { dto.getRatingCriteria().getTitle(), avgRating }));
+ new Object[] { escapedTitle, avgRating }));
 }
 } else { // hedge style rating
 notificationMessage.append(getLocalisedMessage("event.sent.results.criteria.hedge", new Object[] {
- dto.getRatingCriteria().getTitle(), avgRating, criteria.getMaxRating() }));
+ escapedTitle, avgRating, criteria.getMaxRating() }));
 }
 }
 } else {
- notificationMessage.append(dto.getRatingCriteria().getTitle()).append(
+ notificationMessage.append(escapedTitle).append(
 getLocalisedMessage("event.sent.results.no.results", null));
 }
 notificationMessage.append("\n");
Index: lams_tool_preview/web/pages/learning/learning.jsp
===================================================================
diff -u -r3b619df5e7e11dab1dc49859d23399a4b179c16f -r2cad2462df185fce685da61762fb06d98ebee415
--- lams_tool_preview/web/pages/learning/learning.jsp (.../learning.jsp) (revision 3b619df5e7e11dab1dc49859d23399a4b179c16f)
+++ lams_tool_preview/web/pages/learning/learning.jsp (.../learning.jsp) (revision 2cad2462df185fce685da61762fb06d98ebee415)
@@ -104,7 +104,7 @@
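Review bot: `avgRating` is still inserted unescaped into the same HTML message in every branch of this hunk (`new Object[] { escapedTitle, avgRating, ... }`) while the title and comments next to it now are; it is a String taken from `getAverageRating()` at the end of the first hunk, so its safety rests on that value always being a formatted number, which nothing in the diff shows. Either escape it where it is declared, `String avgRating = StringEscapeUtils.escapeHtml(...)`, or add `// avgRating is a formatted number, never user text, so it is not escaped` beside its first use here so the asymmetry reads as deliberate rather than missed. generateRatingEntryForEmail starts in the previous hunk and its closing brace lies beyond the end of this one.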
    -

    ${criteriaRatings.ratingCriteria.title}

    +

    <%@ include file="comment.jsp" %> Index: lams_tool_preview/web/pages/learning/results.jsp =================================================================== diff -u -rd2f1cafab9126e3848663764c082b76ccf2de0c5 -r2cad2462df185fce685da61762fb06d98ebee415 --- lams_tool_preview/web/pages/learning/results.jsp (.../results.jsp) (revision d2f1cafab9126e3848663764c082b76ccf2de0c5) +++ lams_tool_preview/web/pages/learning/results.jsp (.../results.jsp) (revision 2cad2462df185fce685da61762fb06d98ebee415) @@ -106,7 +106,7 @@
    - ${criteriaRatings.ratingCriteria.title} +
    @@ -121,7 +121,7 @@
    -

    ${criteriaRatings.ratingCriteria.title}

    +

    Index: lams_tool_preview/web/pages/monitoring/summary.jsp =================================================================== diff -u -r0a6765ac7eb73c6b99c343a021877c48236241b8 -r2cad2462df185fce685da61762fb06d98ebee415 --- lams_tool_preview/web/pages/monitoring/summary.jsp (.../summary.jsp) (revision 0a6765ac7eb73c6b99c343a021877c48236241b8) +++ lams_tool_preview/web/pages/monitoring/summary.jsp (.../summary.jsp) (revision 2cad2462df185fce685da61762fb06d98ebee415) @@ -90,7 +90,7 @@ -

    ${criteria.title}

    +

    @@ -101,7 +101,7 @@ criteria.do?sessionMapID=${sessionMapID}&toolSessionId=${groupSummary.sessionId}&criteriaId=${criteria.ratingCriteriaId} - ${criteria.title} +